<div id="loginbox"><form id="login" method="post" action="">
<?php
if (isset($_POST['login'])) {
	
	$authusername = trim($_POST['authusername']);
	$authpassword = trim($_POST['authpassword']);
	$errors = array();
	
	// pull user info from db
	$sql = 'SELECT username, userId, pwd, salt, perm FROM user WHERE userId = ? OR username = ?';
	$stmt = $dbc->stmt_init();
	$stmt->prepare($sql);
	$stmt->bind_param('ss', $authusername, $authusername);
	$stmt->execute();
	$stmt->bind_result($username, $userId, $storedPwd, $authsalt, $sperm);	
	$stmt->fetch();
	$stmt->close();

	// Check user input against DB, if valid create session
	if (sha1($authpassword . $authsalt) == $storedPwd) {
		$_SESSION['userId'] = $userId;
		$_SESSION['user'] = $username;
		$_SESSION['perm'] = $sperm;
	}
	else {
		$errors[] = 'Invalid user / password combination.';
	}
}


// if login successful redirect to homepage
if (isset($_SESSION['userId'])) {
	header('Location: index.php?l=home');
}
else { 



?>
<!-- Display login Fields-->
<div style="text-align:center;width:1180px;float:left;">
	<h2>Login</h2><br />
	<div style="float:left;width:525px;text-align:right; line-height:19px;">
    	<label for="authusername" class="labelfield" >USER/ID:&nbsp;</label><br />
		<label for="authpassword" class="labelfield" >PASSWORD:&nbsp;</label>
	</div>
    <div style="float:left;text-aligh:left;">
		<input type="text" name="authusername" id="authusername" /><br />
		<input type="password" name="authpassword" id="authpassword" /><br /><br />
	</div><br /><br /><br /><br />
	<input type="submit" name="login" value="Login" />

<?php } 

// Display Error Message if any found
if (isset($errors) && !empty($errors)) {
	foreach ($errors as $error) {
		echo "<div style='float:left;width:1180px;margin-top:15px;'><font color='red'>$error</font></div>";
	}
}



?></div></form></div>